NAME

SYNOPSIS

DESCRIPTION

gzsig embeds or verifies RSA PKCS #1 v2.0 or DSA SHA1 signatures in
gzip(1) compressed files using SSH identity keys, RSA public keys, or
X509 certificates.

The file operands are processed in command-line order. If file is a single
dash ('-') or absent, gzsig reads from the standard input.

The options are as follows:

sign    Sign the input using the private key in privkey.

verify  Verify the signature using the public key in pubkey.

-q      Enable quiet mode.

-v      Disable quiet mode.

-f secret_file
        Indicates that the passphrase for the key should be read from
        secret_file instead of being supplied manually.

The gzsig utility exits 0 on success or >0 if an error occurred.

SEE ALSO

AUTHORS

Dug Song <dugsong@arbor.net>
SSH2 support by Marius Eriksen <marius@openbsd.org>
RSA public key (in the format generated by ssh-keygen -E) by Thorsten
Glaser <tg@mirbsd.de>.

BUGS

gzsig version 1 only supports SHA-1 hashes. The extension field format
consists of a magic, "GS", a version identifier (1), and the hash. A
proposed version 2 would write out both the version 1 field and a version 2
field supporting multiple hashes at the same time, all of which are
checked, together with some kind of algorithm ID. This would be used to
prevent attacks against a single algorithm or family of hash algorithms.
Ideally, you'd combine the version 1 SHA-1 or a version 2 RIPEMD-160 with
a version 2 TIGER or WHIRLPOOL and a version 2 CRC (cksum, sum, sysvsum,
suma, sfv).
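
The following is an added example, not part of gzsig or of this manual page: a small checker that reports whether a gzip file carries a version 1 extension field and is therefore protected by SHA-1 only. It assumes the field is stored directly in the gzip FEXTRA area (RFC 1952) as the magic "GS", one version byte, then the remaining bytes; the function names and sample bytes are constructed for illustration.

```python
import struct

FEXTRA = 0x04  # RFC 1952 FLG bit 2: an extra field follows the fixed header


def gzsig_field(data):
    """Return (version, payload) of a gzsig extension field, or None.

    Assumed layout: the gzip extra field holds b"GS", one version byte,
    then the rest of the field (treated here as an opaque payload).
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    if data[2] != 8:
        raise ValueError("unknown compression method")
    if not data[3] & FEXTRA:
        return None                      # no extra field at all: unsigned
    if len(data) < 12:
        raise ValueError("truncated XLEN")
    (xlen,) = struct.unpack_from("<H", data, 10)   # little-endian length
    extra = data[12:12 + xlen]
    if len(extra) != xlen:
        raise ValueError("extra field runs past end of file")
    if xlen < 3 or extra[:2] != b"GS":
        return None                      # extra field written by another tool
    return extra[2], extra[3:]


def describe(data):
    """One-line audit verdict for a gzip file's leading bytes."""
    field = gzsig_field(data)
    if field is None:
        return "unsigned"
    version, payload = field
    if version == 1:
        return f"gzsig v1, {len(payload)} payload bytes, SHA-1 only"
    return f"gzsig field with unrecognised version {version}"


def _sample(extra):
    # Constructed sample: fixed gzip header plus optional extra field, no body.
    flg = FEXTRA if extra is not None else 0
    head = struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, flg, 0, 0, 3)
    return head if extra is None else head + struct.pack("<H", len(extra)) + extra


if __name__ == "__main__":
    print(describe(_sample(b"GS\x01" + b"\xaa" * 128)))  # filler, not a real signature
    print(describe(_sample(None)))
```

The checker only identifies the field; verifying the signature itself still requires gzsig verify with the signer's public key.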
July 6, 2001